RT 4.0.7 Released

I'm happy to announce that RT 4.0.7 is now available.

This release contains a number of bugfixes since the 4.0.6 release. In particular, we have adjusted the CSRF warning for a few pages based on user feedback.

This release bumps dependencies on Email::Address, FCGI and IPC::Run so please make sure to run 'make testdeps' and if required 'make fixdeps' before upgrading. Running 'make upgrade' will also check your installed versions for errors.

Security

  • Bump the FCGI dependency to one which closes CVE-2011-2766 The 4.0 series did not specify a minimum FCGI version and it's possible that a vulnerable release of the perl FCGI module was installed when you set up an earlier release of 4.0.x

Features

  • Allow specification of your CSRF Whitelist Referrer using *.example.com
  • Allow searching for tickets associated with articles using a:42
  • Upgrade our Date/Time picker JS, allow unsetting of CFs
  • Improve display of circularly linked tickets
  • Optimize the large table changes between 3.2 and 3.4 for MySQL
  • Provide a better error if your CreateTickets template is malformed
  • Add the ExtractTicketId function to make customizing ticket id matching easier

Bugfixes

  • Don't trust emails that claim to be UTF-8, convert it to UTF-8 before storing
  • Fix a shredder bug when deleting a user and replacing it with another user
  • Remove CSRF restrictions on search results page
  • Ensure that TransactionBatch scrips always run in the RT::System context rather than having some sub-objects in the original user's context.
  • Better display of multipart/related mail
  • Remove some warnings when running under Perl 5.16
  • Better errors when viewing approvals without rights
  • Bring back rounded corners on FireFox >= 13 by using the standard border-radius property
  • $Users->LimitCustomField now ignores disabled ObjectCustomFieldValues properly (same for other non-ticket objects).
  • Versions of IPC::Run < 0.90 could truncate labels on charts that contain UTF-8 characters
  • Fix a rendering issue where certain emails would cause the history to render progressively more staggered to the right
  • Make owner:falcone and owner:falcone@example.com work
  • CF.{Foo} TicketSQL searches are now case insensitive on Pg and Oracle
  • Tickets with Unicode subjects created through the Web UI could end up being corrupted on reply because of other headers passed to MIME::Head
  • Ignore DECRYPTION_INFO from GnuPG 1.4.12
  • Record LastUpdated(By) on Scrips
  • Simple Search now handles Custom Fields with dashes
  • Remove another hardcoded use of 'resolved' in the mailgate unsafe actions
  • When deleting dashboards, also delete subscriptions
  • Fix rendering of links from bin/rt
  • Don't allow ticket creation if your REST form contains an unknown field
  • Skip users with empty email addresses in autocompletion
  • Loosen our detection of mobile browser to search for the word 'mobile'
  • Don't provide a charset on download of binary attachments
  • Fix UseSideBySideLayout to not be cached across users
  • Ensure that article searches are case insensitive
  • QueueSummaryByStatus now uses the improved code from QueueSummaryByLifecylcle

A complete changelog is available from git by running 

git log rt-4.0.6..rt-4.0.7

or visiting

https://github.com/bestpractical/rt/compare/rt-4.0.6...rt-4.0.7

although they will not load all of the commits.

Kevin Falcone

Share this post: